elastic · mshustov · Aug 15, 2019 · Aug 14, 2019
diff --git a/src/core/server/http/http_config.ts b/src/core/server/http/http_config.ts
@@ -26,6 +26,8 @@ const validBasePathRegex = /(^$|^\/.*[^\/]$)/;
 const match = (regex: RegExp, errorMsg: string) => (str: string) =>
   regex.test(str) ? undefined : errorMsg;
 
+// before update to make sure it's in sync with validation rules in Legacy
+// https://github.com/elastic/kibana/blob/master/src/legacy/server/config/schema.js
 export const config = {
   path: 'server',
   schema: schema.object(

diff --git a/src/legacy/server/config/schema.js b/src/legacy/server/config/schema.js
@@ -18,9 +18,6 @@
  */
 
 import Joi from 'joi';
-import {
-  constants as cryptoConstants
-} from 'crypto';
 import os from 'os';
 
 import {
@@ -35,6 +32,7 @@ import {
   DEFAULT_CSP_WARN_LEGACY_BROWSERS,
 } from '../csp';
 
+const HANDLED_IN_NEW_PLATFORM = Joi.any().description('This key is handled in the new platform ONLY');
 export default () => Joi.object({
   pkg: Joi.object({
     version: Joi.string().default(Joi.ref('$version')),
@@ -83,50 +81,34 @@ export default () => Joi.object({
   server: Joi.object({
     uuid: Joi.string().guid().default(),
     name: Joi.string().default(os.hostname()),
-    host: Joi.string().hostname().default('localhost'),
-    port: Joi.number().default(5601),
-    keepaliveTimeout: Joi.number().default(120000),
-    socketTimeout: Joi.number().default(120000),
-    maxPayloadBytes: Joi.number().default(1048576),
-    autoListen: Joi.boolean().default(true),
     defaultRoute: Joi.string().default('/app/kibana').regex(/^\//, `start with a slash`),
-    basePath: Joi.string().default('').allow('').regex(/(^$|^\/.*[^\/]$)/, `start with a slash, don't end with one`),
-    rewriteBasePath: Joi.boolean().when('basePath', {
-      is: '',
-      then: Joi.default(false).valid(false),
-      otherwise: Joi.default(false),
-    }),
     customResponseHeaders: Joi.object().unknown(true).default({}),
-    ssl: Joi.object({
-      enabled: Joi.boolean().default(false),
-      redirectHttpFromPort: Joi.number(),
-      certificate: Joi.string().when('enabled', {
-        is: true,
-        then: Joi.required(),
-      }),
-      key: Joi.string().when('enabled', {
-        is: true,
-        then: Joi.required()
-      }),
-      keyPassphrase: Joi.string(),
-      certificateAuthorities: Joi.array().single().items(Joi.string()).default([]),
-      supportedProtocols: Joi.array().items(Joi.string().valid('TLSv1', 'TLSv1.1', 'TLSv1.2')).default(['TLSv1.1', 'TLSv1.2']),
-      cipherSuites: Joi.array().items(Joi.string()).default(cryptoConstants.defaultCoreCipherList.split(':'))
-    }).default(),
-    cors: Joi.when('$dev', {
-      is: true,
-      then: Joi.object().default({
-        origin: ['*://localhost:9876'] // karma test server
-      }),
-      otherwise: Joi.boolean().default(false)
-    }),
     xsrf: Joi.object({
       disableProtection: Joi.boolean().default(false),
       whitelist: Joi.array().items(
         Joi.string().regex(/^\//, 'start with a slash')
       ).default([]),
       token: Joi.string().optional().notes('Deprecated')
     }).default(),
+
+    // keep them for BWC, remove when not used in Legacy.
+    // validation should be in sync with one in New platform.
+    // https://github.com/elastic/kibana/blob/master/src/core/server/http/http_config.ts
+    basePath: Joi.string().default('').allow('').regex(/(^$|^\/.*[^\/]$)/, `start with a slash, don't end with one`),
+    host: Joi.string().hostname().default('localhost'),
+    port: Joi.number().default(5601),
+    rewriteBasePath: Joi.boolean().when('basePath', {
+      is: '',
+      then: Joi.default(false).valid(false),
+      otherwise: Joi.default(false),
+    }),
+
+    autoListen: HANDLED_IN_NEW_PLATFORM,
+    cors: HANDLED_IN_NEW_PLATFORM,
+    keepaliveTimeout: HANDLED_IN_NEW_PLATFORM,
+    maxPayloadBytes: HANDLED_IN_NEW_PLATFORM,
+    socketTimeout: HANDLED_IN_NEW_PLATFORM,
+    ssl: HANDLED_IN_NEW_PLATFORM,
   }).default(),
 
   uiSettings: Joi.object().keys({

diff --git a/src/legacy/server/config/schema.test.js b/src/legacy/server/config/schema.test.js
@@ -101,128 +101,6 @@ describe('Config schema', function () {
       });
     });
 
-    describe('ssl', function () {
-      describe('enabled', function () {
-
-        it('can\'t be a string', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', 'bogus');
-          const { error } = validate(config);
-          expect(error).toBeInstanceOf(Object);
-          expect(error).toHaveProperty('details');
-          expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'enabled']);
-        });
-
-        it('can be true', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', true);
-          set(config, 'server.ssl.certificate', '/path.cert');
-          set(config, 'server.ssl.key', '/path.key');
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-
-        it('can be false', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', false);
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-      });
-
-      describe('certificate', function () {
-
-        it('isn\'t required when ssl isn\'t enabled', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', false);
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-
-        it('is required when ssl is enabled', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', true);
-          set(config, 'server.ssl.key', '/path.key');
-          const { error } = validate(config);
-          expect(error).toBeInstanceOf(Object);
-          expect(error).toHaveProperty('details');
-          expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'certificate']);
-        });
-      });
-
-      describe('key', function () {
-        it('isn\'t required when ssl isn\'t enabled', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', false);
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-
-        it('is required when ssl is enabled', function () {
-          const config = {};
-          set(config, 'server.ssl.enabled', true);
-          set(config, 'server.ssl.certificate', '/path.cert');
-          const { error } = validate(config);
-          expect(error).toBeInstanceOf(Object);
-          expect(error).toHaveProperty('details');
-          expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'key']);
-        });
-      });
-
-      describe('keyPassphrase', function () {
-        it('is a possible config value', function () {
-          const config = {};
-          set(config, 'server.ssl.keyPassphrase', 'password');
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-      });
-
-      describe('certificateAuthorities', function () {
-        it('allows array of string', function () {
-          const config = {};
-          set(config, 'server.ssl.certificateAuthorities', ['/path1.crt', '/path2.crt']);
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-
-        it('allows a single string', function () {
-          const config = {};
-          set(config, 'server.ssl.certificateAuthorities', '/path1.crt');
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-      });
-
-      describe('supportedProtocols', function () {
-
-        it ('rejects SSLv2', function () {
-          const config = {};
-          set(config, 'server.ssl.supportedProtocols', ['SSLv2']);
-          const { error } = validate(config);
-          expect(error).toBeInstanceOf(Object);
-          expect(error).toHaveProperty('details');
-          expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'supportedProtocols', 0]);
-        });
-
-        it('rejects SSLv3', function () {
-          const config = {};
-          set(config, 'server.ssl.supportedProtocols', ['SSLv3']);
-          const { error } = validate(config);
-          expect(error).toBeInstanceOf(Object);
-          expect(error).toHaveProperty('details');
-          expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'supportedProtocols', 0]);
-        });
-
-        it('accepts TLSv1, TLSv1.1, TLSv1.2', function () {
-          const config = {};
-          set(config, 'server.ssl.supportedProtocols', ['TLSv1', 'TLSv1.1', 'TLSv1.2']);
-          const { error } = validate(config);
-          expect(error).toBe(null);
-        });
-      });
-    });
-
     describe('xsrf', () => {
       it('disableProtection is `false` by default.', () => {
         const { error, value: { server: { xsrf: { disableProtection } } } } = validate({});